pfSense Bandwidth Limit Guide: IP, VLAN, and Alias

Managing network bandwidth is essential in any professional IT environment. Without proper bandwidth control, a few heavy users can easily consume all available resources and impact the entire network.

In this tutorial, you will learn how to configure pfSense Bandwidth Limit using three practical methods:

• Limit bandwidth by Interface

• Limit bandwidth by IP address (per user)

• Limit bandwidth for a group of users using Alias

These methods allow administrators to control network usage, ensure fair distribution, and maintain stable performance across the network.

📺 Watch the full video tutorial for the complete lab demonstration.

1️⃣ Limit Bandwidth by Interface

This method limits the total bandwidth of an entire VLAN or interface. It is useful when you want to enforce a fixed bandwidth allocation for a specific network segment.

For example:

• VLAN A: Full bandwidth

• VLAN B: Limited to 100 Mbps

Configuration Steps

Navigate to:

Create a limiter with the following settings:

Next, apply this limiter to the firewall rule.

Go to:

Edit the rule and assign the limiter in the In/Out pipe section.

⚠️ Disadvantage

This method does not distribute bandwidth evenly among users. All devices connected to this VLAN share the same bandwidth pool. If one user consumes most of the bandwidth, others may experience slower speeds.

2️⃣ Limit Bandwidth by IP (Per User)

Limiting bandwidth per IP ensures that each user receives a fixed amount of bandwidth, preventing any single device from dominating the network.

This is one of the most commonly used configurations in enterprise and office networks.

Step 1 – Create a Download Limiter

Navigate to:

Add a new limiter:

Meaning

Each IP address will receive 10 Mbps download bandwidth.

Step 2 – Create an Upload Limiter

Add another limiter:

Step 3 – Apply the Limiter to VLAN B

Go to:

Edit the rule that allows internet access.

In the Advanced Options section:

Select the following:

Then click:

Result

If VLAN B contains 5 users, the bandwidth allocation will be:

Each device receives its own bandwidth limit, ensuring no bandwidth sharing between users.

Limiter Configuration Summary

This configuration ensures stable performance and fair distribution across the network.

3️⃣ Limit Bandwidth for a Group (Same VLAN)

In many environments, administrators need to apply bandwidth policies to specific groups of users rather than individual devices.

pfSense allows this using Aliases and firewall rules.

Scenario 1 – Limit a Specific Group

Step 1

Create an Alias and add the IP addresses of the group.

Step 2

Create Rule 1 to allow internet access for this Alias and assign a Limiter to this rule.

Step 3

Create Rule 2 to allow internet access for the LAN Subnet.

Scenario 2 – Full Access for One Group, Limit Others

Sometimes certain users such as IT staff or management require full bandwidth while others should be limited.

Step 1

Create an Alias containing those IP addresses.

Step 2

Create Rule 1 allowing internet access for this Alias (no limiter).

Step 3

Create Rule 2 allowing internet access for the LAN Subnet, and assign a Limiter to this rule.

Important Note

pfSense processes firewall rules from top to bottom, and the first matching rule takes effect.

Because of this behavior, always ensure that priority rules are placed above general rules.

Conclusion

Using pfSense Bandwidth Limit, administrators can efficiently manage network traffic and ensure fair bandwidth allocation. Depending on your requirements, you can apply bandwidth policies in several ways:

✔ Limit bandwidth per interface or VLAN
✔ Control speed per user using IP-based limits
✔ Apply policies to specific groups using Alias

When properly configured, these techniques help maintain stable network performance, prevent bandwidth abuse, and improve overall user experience.